Optimizing NTLM authentication flow in multi-domain environments

I’ll start with the obvious: Kerberos is the way to go. NTLM is less secure and is being de-emphasized in the recent versions of the OS. Your first option should always be to attempt to make your applications work with Kerberos. But things take time and it will be long till we find ourselves in…

14

Inspecting pending outbound changes between two DFSR replicas

Well, as promised, this one is a technical post. Many words have been spoken about DFSR and there is not much I can add when it comes to inner works of DFSR and ways of troubleshooting it. But let’s assume for a moment that our DFSR deployment is fine and working as expected. The specific…

8

Using the DirSync control

  Hello world, This is Michael. I’m a member of the Israeli platform team and I’m here to write about some attempts and eventually the success (wohooooo!) of implementing and using the DirSync control from S.DS.P (System.DirectoryServices.Protocols) namespace. This post will be around developing in C# for AD… I guess it’s also possible in powershell,…

6

Disaster Recovery Site and Active Directory (Part 1 of 3)

Hi All, Michael here again, and this time I would like to talk a little bit about Active Directory replication and Disaster Recovery sites. Since the not so recent events (taking place on 9/11) many companies started to invest time and money in designing and implementing Disaster Recovery solutions which are located at a different…

6

Disaster Recovery Site and Active Directory (Part 2 of 3)

So in Part 2 of the series we’re going to discuss the following scenario: The challenge in this scenario is to make the clients in the different Branch sites to failover to their closest Hub sites. It’s obvious that HUB is the best option for failover from Branch when the DC in branch (Child-DC03) fails,…

5

Disaster Recovery Site and Active Directory (Part 3 of 3)

Welcome to part 3 of the series… hopefully you have enjoyed the first two parts where we have discussed client logon and clients failover between Domain Controllers and sites. In the last part of the series we’re going to discuss Domain Controller replication failover between a Hub, Branch and DRP sites and different scenarios when…

4

GPP Drives maps causing slow logon due to unavailable file servers – and how to make sure they won’t

  Michael here again, and this time I would like to discuss the Group Policy preferences drive maps feature and some caveats on the way. The Group Policy Preference is a powerful new feature introduced with Windows Vista and later. Using the GPP opens a lot of new options like creating registry keys, copying files,…

4

And sometimes the GUI does not tell you the whole story

Hi All, Hello world! This is Moti. Just as Michael and Guy, I am a member of the Israel PFE team, specializing in Performance/Internals, Remote Desktop and Failover Clustering. I have been working recently on a case and came across an interesting performance behavior of SQL server installed with SCCM server. It appeared that the…

3